Calculus semantic with values passing in the denotational approach

JAQUELINE KLEIN GALLI

π-Calculus Semantic with Values Passing in

the Denotational Approach

Thesis presented in partial fulfillment of the requirements for the degree of Master of Computer Science

Advisor: Prof. Dr. Daltro José Nunes

Porto Alegre August 2020

Galli, Jaqueline Klein

π-Calculus Semantic with Values Passing in the Deno-tational Approach / Jaqueline Klein Galli. – Porto Alegre: PPGC da UFRGS, 2020.

61 f.: il.

Thesis (Master) – Universidade Federal do Rio Grande do Sul. Programa de Pós-Graduação em Computação, Porto Alegre, BR– RS, 2020. Advisor: Daltro José Nunes.

1. Formal Methods. 2. Pi-Calculus. 3. Denotational Semantic. 4. Values Passing. I. Nunes, Daltro José. II. Título.

UNIVERSIDADE FEDERAL DO RIO GRANDE DO SUL Reitor: Prof. Rui Vicente Oppermann

Vice-Reitora: Profa. Jane Fraga Tutikian

Pró-Reitor de Pós-Graduação: Prof. Celso Giannetti Loureiro Chaves Diretora do Instituto de Informática: Profa_{. Carla Maria Dal Sasso Freitas}

Coordenadora do PPGC: Profa. Luciana Salete Buriol

My sincere gratitude to my family and friends, who always believed in me, and sup-ported me in my choices. A special thank you to my dad Paulo for your companionship, pa-tience and emotional support at all times, my mom Vilma for your love and motivation, and my brother Gustavo for never let me give up.

I would especially like to thank my advisor Prof. Dr. Daltro José Nunes for his guidance through the development of this dissertation, for believing in me when no one else did, and for never treating me differently because of gender, age, or area of study. Also, to thank for always being available to meet my difficulties with dedication and patience, and for serving as a reference of the researcher I want to be. Without his support and motivation, this work would not be possible.

I would also like to thank my friends and colleagues from the Federal University of Rio Grande do Sul (UFRGS), for their help, support, friendship, ideas and companionship. To those whose name I did not mention, but helped me developing this work in any way, thank you all. Finally, I must acknowledge that this research would not have been possible without the financial assistance of CNPq and the infrastructure provided by the Federal University of Rio Grande do Sul.

In the last recent years, there was a noticeable increase in the use of formal verification by the industry, and the reason for that is because the formal languages are each time more enhanced, and the tools that support those languages were developed. Although there is a higher use in critical systems, the application can also avoid execution errors and, consequently, update the system with bugs’ correction as a goal. The extension of these languages makes them wider in their applicability and the creation of tools makes the use easier for lay or lack of experience users. The use of formal languages in a critical systems development ensures the operation to work and, at the same time, the benefit-cost of the time used in a formal verification of a system specification, is lower when a tool is available. The formal π-Calculus method is largely used in labeled transition and mobile systems, because it shows competition, mobility and creation of new links. Even with a wide applicability, it presents some limitations for the user, for example, there is neither formal language nor tools that can support it. π-Calculus is an extension of CCS (Calculus of Communication System) that shows operation semantics, however, no value pass-ing. In this dissertation, is presented a denotational semantic for the π-Calculus, based in the mapping of syntactic phrases in semantics domain through semantics function, that gives struc-ture for a creation of a formal language. Besides that, the denotational approach makes the tools implementation much easier, as it is the case of LOTOS and Maude. Along the denotational approach, we introduce the concepts of local memory (storage), temporary memory (environ-ment) and types of environment, providing the ideal conditions so is possible to demonstrate how the π-Calculus values passing occur. Thereby it was possible to verify, in an objective way, the mobility in this method, once that is clear how the communication channels passing works, peculiarity not found at CCS.

RESUMO

Nos últimos anos nota-se um aumento significativo na utilização de verificação formal pela indústria, pois as linguagens formais estão cada vez mais aprimoradas e ferramentas que supor-tem essas linguagens foram desenvolvidas. Embora tenha maior utilização em sissupor-temas críticos, a sua aplicação também pode evitar erros de execução e, consequentemente, a atualização de sistemas com propósito de correções de bugs. As extensões dessas linguagens as tornam mais abrangentes em sua aplicabilidade e a criação de ferramentas faz com que seu uso seja mais fácil para usuários leigos ou pouco experientes no assunto. O uso de linguagens formais no desenvolvimento de sistemas críticos assegura o funcionamento do sistema e, ao mesmo tempo, o custo/benefício do tempo usado na verificação formal de uma especificação de um sistema é menor quando se tem uma ferramenta. O método formal π-Cálculo é muito usado em sistemas de transição rotulada e sistemas móveis, pois apresenta concorrência, mobilidade e criação de novos links. Por mais abrangente que seja sua aplicabilidade, apresenta algumas limitações ao usuário como, por exemplo, não possui uma linguagem formal e nem ferramenta que o suporte. O π-Cálculo é uma extensão do CCS (Cálculo de Sistemas de Comunicação) que apresenta semântica operacional, entretanto sem passagens de valores. Nesta dissertação, apresentamos uma semântica denotacional para o π-Cálculo baseada no mapeamento de frases sintáticas em domínios semânticos através de funções semânticas, que dá estrutura para a criação de uma linguagem formal. Além disso, a abordagem denotacional facilita muito a implementação de ferramentas, como no caso do LOTOS e do Maude. Juntamente com a abordagem denotacional introduzimos os conceitos de memória (local), ambiente (temporária) e ambiente de tipos, pro-porcionando as condições necessárias para que pudéssemos demonstrar como se dá a passagem de valores no π-Cálculo. Assim foi possível verificar de forma objetiva a mobilidade nesse mé-todo uma vez que fica claro como se dá a passagem de canais de comunicação, particularidade não encontrada no CCS.

BNF Backus-Naur Form

CCS Calculus of Communicating Systems CSP Communicating Sequential Processes

ISO International Organization for Standardization LOTOS Language of Temporal Ordering Specification MWB Mobility Work-bench

OSI Open Systems Interconnection PNs Petri Nets

Figure 3.1 Initial state of the Dining Chinese Philosophers. ... 38

Figure 3.2 Dining to three Chinese Philosophers Problem. ... 39

Figure 5.1 Graph representation of a continuous circuit from S to Q. ... 53

Table 3.1 Reduction process of the P with environment behaviour and memory state (storage). ... 31 Table 3.2 Reduction process of the P with environment behaviour and memory state. ... 35 Table 3.3 The behaviour of the system when one philosopher chose to send your hashi

to right philosopher. Reduction by Diningn, with n = 3... 40

Table 3.4 Behaviour of the memory and environment in the Table 3.3 reductions. ... 41 Table 5.1 Reduction process of the P | Q with environment behaviour and memory state. .... 53 Table 5.2 Reduction process of the P | Q | R | S. ... 53

1 INTRODUCTION... 12

1.1 Related Works ... 13

1.1.1 Values Passing in CCS ... 13

1.1.2 Values Passing in LOTOS ... 14

1.2 Outline... 15 2 THE METHOD... 16 2.1 Concurrence ... 16 2.2 π-Calculus Method... 17 3 BASIC π-CALCULUS... 18 3.1 Label... 18

3.1.1 Label: Semantic Functions and Equations... 19

3.2 Message ... 20

3.2.1 Semantic Domains ... 20

3.2.2 Message: Semantic Functions and Equations... 22

3.3 Link ... 23

3.3.1 Synchronism ... 23

3.4 Conditional ... 24

3.4.1 Semantic Domains ... 24

3.4.2 Conditional: Semantic Functions and Equations... 24

3.5 π Prefix ... 25

3.5.1 π Prefix: Semantic Functions and Equations... 25

3.6 Process... 26

3.6.1 Action... 27

3.6.1.1 Action: Semantic Functions and Equations... 28

3.6.1.2 Substitution ... 28

3.6.1.3 Transition Relations ... 29

3.6.2 Process: Semantic Functions and Equations ... 30

3.7 The Process Reduction ... 31

3.7.1 Memory... 32

3.7.2 Environment... 33

3.7.3 Reduction of Process... 34

3.7.4 Structural Congruence ... 36

3.8 A Basic π-Calculus Application ... 37

3.8.1 Dining Chinese Philosophers Problem ... 37

4 TYPED π-CALCULUS ... 43

4.1 Defined Types ... 43

4.2 Type Environment... 44

4.2.1 Γ Type Environment: Semantic Functions and Equations... 46

5 VALUES PASSING... 48

5.1 Values Passing During Parallel Composition ... 48

5.2 Programming Language Constructs ... 51

5.3 Values Passing Examples... 52

6 CONCLUSION ... 55

6.1 Future Work ... 55

1 INTRODUCTION

Formal languages, and mathematical based methods, have been created to contain char-acteristics and formal semantics to develop critical systems. Cohen, Harwood and Jackson (1986) classify formal methods into three different types: concurrent methods, algebraic meth-ods, and model-based methods; but also many of them have extensions that allow them to de-velop systems in other areas. In this dissertation, the concern is precisely about the concurrent π-Calculus method (MILNER; PARROW; WALKER, 1992).

The π-Calculus method is an extension of another concurrent method, called CCS (MIL-NER, 1984), importing its structure and operations, such as parallelism and synchronism. How-ever, it is better that the CCS method in some aspects; for example, it adds the ability to create new communication channels; therefore, it facilitates mobility, parameter dependence and dy-namic reconfiguration. The most significant applicability of the π-Calculus method ranges from modeling telecommunications protocols to modeling object-oriented languages.

The usual semantic base used for the construction of this kind of method is the oper-ational semantics, adopted by Milner (1999), that uses inference rules. All of its extensions, and based literature, use this same semantics, which facilitates mathematical proofs of the pro-cesses evolution through reaction rules. However, it has been quite difficult to mature a formal language for this method, which consequently creates tools for systems development use. Only the Pict programming language by Pierce and Turner (2000) is based on π-Calculus, but it is still at the experimental stage.

Primarily for those reasons, this study presents the development of a denotational se-mantics for an extended syntax of π-Calculus, based on an already elaborated arrangement, by Milner (1999) and Sangiorgi and Walker (2003). The first one is presented as Basic π-Calculus, it contains the most basic syntax to define the behavior of a process, and the second, as Typed π-Calculus, is an extension, which presents a type of system for the method.

Semantics are responsible for representing the meaning of each syntactic phrase. In denotational semantics, this meaning is specified by a denotational value for some domain. Once the domain D and a class of phrases P are defined, a semantic function is introduced, which maps each phrase in P to its D denotation: f : P −→ D, that is, it maps a context-free language to mathematical entities (WATT, 1996).

which didn’t exist in the π-Calculus literature yet, will be presented. The concept of memory will be based on the idea presented by Milner (1984) in CCS, so that there is not much distinc-tion from the existing literature. The environment idea does not exist yet, for both CCS and π-Calculus methods, and, therefore, it will be based on the syntax created in this dissertation, and also on the denotational semantics presented by Watt (1996). This model is suitable for storing a wide variety of imperative languages that have types of values stored in locations.

Programs written with imperative languages run easier on hardware, and because of this, this type of software has become prevalent. When this language is composed with declarative languages, they become more powerful and able to access generic computational resources, as long as this integration does not affect the fundamental principles of the declarative language (BARENDREGT; MANZONETTO; PLASMEIJER, 2013). For a method to be efficient, in the construction of a language that fulfills this demand, it is essential to understand the behavior of agents in passing arguments. These arguments are usually called values, which in the case of the π-Calculus method has the same construction of variables and channels.

Since the goal of this study is to show the passing of values in π-Calculus, these ar-guments must be inserted in a type of environment, once the values, variables, and channels of communication are labeled in the same form. Therefore, a denotational semantics must be made for Typed π-Calculus to demonstrate how it is possible for both to pass value expansions and mobility, which is one of the main characteristics of this method. With that, the passing of values is the last part of this dissertation.

1.1 Related Works

1.1.1 Values Passing in CCS

In CCS, the passing of values between agents happens through gates, channels of com-munication, in which an observable experiment sends a name through a positive port, and re-ceives it over a negative port, to variables free of context. This relationship is represented by P−→ Pα 0_{, where the agent P admits an α-experiment and can turn into P}0_{as the result.}

For information on CCS with values passing, see Milner (1984). For values passing in the π-Calculus, we shall use Typed π-Calculus (SANGIORGI; WALKER, 2003) to identify the active types in agents in observable experiments, to be able to pass between ports, such as in

LOTOS.

1.1.2 Values Passing in LOTOS

The algebraic formal language LOTOS, introduced by Bolognesi and Brinksma (1987), is a formal description technique developed within ISO for the formal specification of open distributed systems, and, in particular, for those related to the Open Systems Interconnection (OSI) computer network architecture.

In Basic LOTOS, observable actions are identified only by the name of the gate where they are offered, and processes can only have a finite number of gates. In Full LOTOS the action is constituted by three components: a gate, a list of events, and an optional predicate.

An event can either offer(!) or accept(?) a value. Predicates serve to establish a condition on the values that can be accepted/offered. The processes synchronize their actions, as long as they name gates with the same name, the event lists are combined, and the predicates, if any, are satisfied (LAI; JIRACHIEFPATTANA, 2012).

According to Logrippo, Faci and Haj-Hussein (1992), synchronization between pro-cesses with value exchange, occurs when two or more propro-cesses agree on a single tuple of values, and established in a gate. This is the case of corresponding actions. More precisely, if a set of processes P1, ..., Pnis composed in parallel, and G represents the list of common ports, on

which synchronization must occur, these processes can synchronize if the following conditions are valid:

1. P1, ..., Pnare all offering actions a1, ..., an, respectively;

2. The gates of action g1, ..., gn ∈ G are the same;

3. T = tuples(a1) _ · · · _ tuples(an) 6= ∅, where _ is a concatenation operator.

Process outputs are denoted by E1, ..., En, where E1, ..., En is a set of value expressions

and results of the process execution. These results are passed on to another activated behavior process if allowed (synchronism).

1.2 Outline

The remainder of this dissertation is organized as follows. In chapter 2, the π-Calculus method is presented, and its aspect is described as a concurrent method. In chapter 3 a denota-tional semantics is made for the Basic π-Calculus syntax, based on a syntax presented by Milner (1999). The following chapter 4 shows a denotational semantics for the Typed π-Calculus syn-tax, based on a syntax presented by Sangiorgi and Walker (2003). In chapter 5 according to the syntax and semantics made, it is showed how to pass the values in the π-Calculus method. Lastly, chapter 6 presents the conclusion and detailed future studies.

2 THE METHOD

This chapter is intended for a brief presentation of the π-Calculus method and the char-acteristics of a concurrent method.

2.1 Concurrence

Concurrent methods address specifications for systems that involve automata behavior and exhibit parallelism, concurrency, and communication in their components, interacting at any time during their executions, with the system having to manage simultaneous communication between them. These components are called agents or processes that behave dynamically in parallel in an internally sequential manner, communicating on a more abstract or more stable time scale, based on timeless state transitions (BUSTARD, 1990).

A concurrent system composed of agents or sequential processes that communicate with each other, behaves involving the analysis of four factors: the internal behavior of each agent, their external behavior, the structure of the system into agents and the communication between them (COHEN; HARWOOD; JACKSON, 1986).

The internal behavior of an agent depends on the structure of its internal state, the set of initial states, the set of operations that can access these states, the accessible states, and the pos-sible state transitions. Given the initial states and the operations sets, the internal specification implies a set of possible sequences of state transitions.

Since the state transition does not meet internal operations, an alternative is to consider that these operations will be performed as a result of an agent’s interaction with other agents. Thus, the agent describes behavior restrictions as limitations on the acceptable sequence of events. The specification of this behavior, in the form of predicates on the events, in which the agent can participate, is called the specification of external behavior, that is, the event has externally observable behavior.

Communication is the mechanism through which events are transmitted between agents. In the event of a simultaneous occurrence, between the events of each agent, the competing sys-tem will depend on the internal state transitions. Examples of concurrent methods are CCS (MILNER, 1984), π-Calculus (MILNER, 1999), CSP (ABDALLAH, 2005) and PNs (PETER-SON, 1977).

2.2 π-Calculus Method

The formal π-Calculus method is aimed at analyzing communication ownership be-tween concurrent processes, and interacting among concurrent systems. Mobility, where new links can be created and broken between existing components, is the name given for this kind of evolution. In addition, it is possible to model this mobility between components.

This method is oriented to competing systems, aimed at the mobility of communication channels. As an extension of CCS, it imports all its functions: composition, restriction, sub-stitution, and synchronism, adding other functions that support the transfer of communication channels between agents. In π-Calculus, there is no difference between names, values, and variables in the transition between agents, so when a channel is transmitted, all labels restricted to it must be renamed for future interaction with other agents (MILNER, 1999).

The base for an agreement between operations comes from the structural congruence. This means that, there are different ways to write two processes, but they will have the same meaning. The definition of structural congruence for π-Calculus has already been elaborated by Milner (1999), which can be found in the literature, so there will be only references to it in this study. It is through this equivalence relationship that the reaction rules were made.

The input and output primitives of this method are monadic: exactly one label or channel is exchanged during each communication. The polyadic π-Calculus is a useful extension that allows the atomic communication of tuples of labels/channels, which in this dissertation, will be called: messages. Also, it has the polymorphic systems type by allowing generic operations, i.e., operations which can be safely applied to many different types of argument, like list operations. (TURNER, 1995).

For better understanding, this method will be divided into two parts: Basic π-Calculus, which involves the basic concepts developed by Milner (1999), and Typed π-Calculus, an ex-tension of the method that involves the concepts of Type Systems developed by Sangiorgi and Walker (2003).

3 BASIC π-CALCULUS

Basic π-Calculus uses concurrence and mobility for the passing of the values, variables, and links. In this environment, there is no distinction between them and, therefore, they are just called labels or names. In the same way, the processes can carry unrestricted names as long as values are the result of reduced terms and only as long as there is synchronism.

The reduction of terms occurs in a similar way to algebraic languages, such as Maude (NUNES, 2012). At this time, there is still concern about the type of data being transported, but how and if the system can send it or receive it. To define the grammar, we apply a BNF1 in order to simplify the semantic specifications, and the denotacinal semantic is based in Watt (1996) and Slormeger and Kurtz (1995).

3.1 Label

In π-Calculus, we assume an infinite and countable set of names a, b, x, y, ..., repre-senting the links (channels), variables, and calculation values. We define the set of names as follows:

Name= {a, b, x, y, · · · } (3.1)

Given the set Name, we can introduce a new set Name defined as:

Namedef= {n | n ∈ Name} (3.2)

where the elements are called co-names. We assume that Name and Name are disjoint sets and we denote Label as the union of these sets. (MILNER, 1999)

Definition 1. (Label) Let Labeldef= Name∪Name be a set of labels, where each element of Label is used for labelled transition systems and ports. The ports are used to connect systems that, when synchronized, can exchange messages. For all x∈ Label, we call "x" the complement of "x".

1_{"When applied to programming languages, this notation is known as Backus-Naur Form or BNF for the} researchers who first used it to describe Algol60. Note that BNF is a language for defining languages—that is, BNF is a metalanguage." (SLORMEGER; KURTZ, 1995)

3.1.1 Label: Semantic Functions and Equations

Assuming that the sets Name and Name are disjoint, one can get a bijective function f = ¯ , defined by Milner (1984) a bijection from names to co-names:

¯ : Name −→ Name (3.3)

where

∀ n ∈ Name : n ∈ Name. (3.4)

In addiction, the inverse bijective function f−1 = ¯ , can be obtained as follows:

¯ : Name−→ Name, where ∀ n ∈ Name : n = n. (3.5)

Thus, the function f = f−1 = ¯ is a bijection over Label. In particular for any subset L1 ⊂

Label, the set L1 = {x | x ∈ L1} satisfies L1 ⊂ Label.

In some cases it will be important to consider the function name over Label whose codomain is Name:

name: Label −→ Name (3.6)

where if ∀ x, x ∈ Label, and x is complement of x then:

name(x) = name(x) = x. (3.7)

Also, we extend to sets L : Label by defining:

names(L) = {name(x); x ∈ L}. (3.8)

One can identify some properties for names. Let L1, L2 ⊂ Label be subsets, as follows:

names(L1) = names(L1) (3.9)

names(L1∩ L1) = names(L1) (3.11)

names(L1∩ L2) = names(L1) ∩ names(L2) (3.12)

names(L1× L2) = {name(x); x ∈ L1} ∪ {name(y); y ∈ L2} (3.13)

3.2 Message

To carry a message, it is necessary that one link can send and receive more than one name. It means that a message can be an empty tuple, a unit (monadic Calculus) or a homoge-neous tuple (polyadic Calculus) of labels. By definition, a message is defined as follows:

Message= {h x1 · · · xn i | x1, ..., xn ∈ Label, n ∈ N} ∪ {h i}, (3.14)

where we will assueme that h i is a empty message. By notation, we will use ~x when the tuple is h x1 · · · xn i.

3.2.1 Semantic Domains

As a denotational semantics is being developed for reductions in π-Calculus, it can be considered that the equation reduction renders respect the sets already instantiated as sorts with the declaration of their operators in any formal language. Therefore, it was used the sorts al-ready instantiated in the formal language Maude, for reasons of familiarity of this dissertation’s authors. Since the Label and Message sets are not instantiated in Maude, these sets’ instantiat-ing follows as sorts.

According to the message definition, we can specify the sort Message as a tuple of labels. In this case, first follows the specification of sort Label:

fmod LABEL is

***Declaration of sort*** sort Label .

***Declaration of operators***

op = : Label Label -> Bool . op 6= : Label Label -> Bool . ***Declaration of variables*** vars x1 x2: Label . ***Declaration of equations*** ceq x1 = x2 = true if x1==x2 . ceq x1 = x2 = false if x1=/=x2 . ceq x1 6= x2 = false if x1==x2 . ceq x1 6= x2 = true if x1=/=x2 . endfm

Now that the sort Label was well defined, one can specify Message. The first structure is a theory as follows:

fth TH is

sort Component . endfth

The second structure is the instantiation of a tuple of size n as follows:

fmod TUPLES { X :: TH } is sorts Tuple N-Tuple .

subsort X$Component < N-Tuple . op <> : -> Tuple .

op : X$Component N-Tuple -> N-Tuple . op < > : N-Tuple -> Tuple .

op < > : X$Component Tuple -> Tuple . vars c1 c2 : X$Component .

var t : N-Tuple . eq < c1 <> > = < c1 > .

eq < c1 < c2 t > > = < c1 c2 t > . endfm

The third is a view that assigns the sort Component to the sort Label for parameterization of the tuple in MESSAGE:

view TH-as-LABEL from TH to LABEL is

sort Component to Label . endv

The sort Message is defined by instantiation of sort Tuple by sort Label, as follows:

fmod MESSAGE is

protecting TUPLES { TH-as-LABEL } * (sort Tuple to Message) . endfm

3.2.2 Message: Semantic Functions and Equations

The function names defined to Message generates a set of all names on Label enclosed in the message. In that way, the set of names of a message M : Message, with L : Label, is defined as follows:

names(M) = names(L × L × · · · × L

| {z }

n

) : Ln _{⊆ M, n ∈ N.} (3.15)

The equations as follows:

names_{(h i) = ∅} empty message (3.16)

names(h x i) = {name(x) | x ∈ L} monadic (3.17)

3.3 Link

When labels, e.g. x and y, are used to label transitions, it means that one process is interacting with another process through these labels. In this case, these labels are called links (ports). A link interacts with its complement by sending or receiving messages. Therefore a link can be:

- output, sends a message when linked with its complement; - input, receives a message when linked with its complement.

This way it can classify a link by a label function for its state:

Link= Label −→ output + input (3.19)

Let x, x ∈ Label be labels, the equations as follows:

Link(x) = output (3.20)

Link(x) = input (3.21)

In π-Calculus, the names of communicating channels don’t lose their labels after syn-chronised. So, the function relabelling (defined to CCS) is not be used in π-Calculus. Willing to do a internal behaviour of a process is used the operator "new x", with x ∈ Label, to restrict a link for exchange data.

3.3.1 Synchronism

A synchronism happens when there is a pair of the complementary labels (x, x). This pair is responsible for the creation a communicating channel where a message can be sent or received. In this case, each one these labels is a link.

In π-Calculus, a synchronism is represented by the character "τ " and has the highest precedence on the process. It means that the synchronism is a silent action and occurs regardless of the interaction with the environment. It is possible to define the properties of a link through

the function:

Synchronism= Link × Link −→ τ + fail (3.22)

Let x, y ∈ Label be labels, the equation as follows:

Synchronism(x, y) = if (x is complementary to y) then τ else fail (3.23)

3.4 Conditional

The π-Calculus can be extended to the restricted condition: match. Also, it can use more than one condition and require that the calculation meets all the conditions or fail if they do not. To give meaning to the match, it is defined in the specification of the LABEL sort.

The syntax of Conditional is of the form where the labels can be the same (match) or a conditional followed by another conditional successively. Let x1, x2 ∈ Label, the BNF as

follows:

Conditional ::= [ x1 = x2 ]

|

Conditional Conditional (3.24)

3.4.1 Semantic Domains

Adding Conditional in a process, the language becomes richer. However, it is necessary to consider domains that aid in the understanding of the syntax. Again, let us use a public domain: Bool. A truth precondition ensures that the process can occur and a false one, stops the process.

3.4.2 Conditional: Semantic Functions and Equations

The function condition is defined from Conditional to Bool:

For this function we have the following equations, let x1, x2 ∈ Label and cnd1, cnd2 ∈

Conditional:

condition[[ [ x1 = x2] ]] = if (x1 = x2) then true else false (3.26)

condition[[cnd1 cnd2]] = condition(cnd1) ∧ condition(cnd2) (3.27)

3.5 π Prefix

A prefix on the process that will be defined later describes the experiment that will occur before the process begins. Let x, x ∈ Label and y, z ∈ Message, the syntax to prefix π is defined as:

π ::= x y

|

x z

|

τ

|

Conditionalπ (3.28)

According Sangiorgi and Walker (2003), the prefix definition is as follows:

Definition 2. (Prefix π) The prefix π has a π firing sequence that must occur before a process. Let x∈ Label, y, z ∈ Message, the informal semantic as follows:

- output prefix: x y - It means that the message y can be sends via link x;

- input prefix: x z - It means that the z can receives a message via link x. In this case, all occurrences of the z must be replaced by the message received.

- synchronise prefix: τ - It means that a process occurs without external interference, ex-pressing an internal action of a process.

- match prefix: [ x1 = x2 ] π - It means that the prefix π fires if the x1 and x2 are the same

labels.

3.5.1 π Prefix: Semantic Functions and Equations

Now, it one can to define a function from π to a codomain formed by an ordered pair (Link, Message) when a message is being sent or received, τ when there is synchronism, or fail

if the prefix fails.

pref : π −→ (Link × Message) + τ + fail (3.29)

Let x, x ∈ Label, y, z ∈ Message, τ is a synchronism and cnd ∈ Conditional, the equations as follows:

pref[[ x y ]] = (Link(x), y) (3.30)

pref[[ x z ]] = (Link(x), z) (3.31)

pref[[ τ ]] = τ (3.32)

pref[[ cnd π]] = if condition(cnd) then pref (π) else fail (3.33)

3.6 Process

A process in π-Calculus is a linked sequence of prefixes which guarantees that the ex-change of the messages can only happen after the synchronism between links of the same name. Also, there is the possibility of mobility when processes receive and send links to create new connections.

To ensure the mobility, it is necessary to define Process by a set of the satisfactory operations. In this case, are define the language π-Basic(nill, ., +, |, new, Replicate) with terms given as follows:

Summation ::= nill

|

π . Process

|

Summation+ Summation (3.34) Process ::= Summation

|

Process| Process

|

new x( Process )

|

Replicate Process (3.35) Replicate Process ::= Process

|

Replicate Process | Process (3.36)

According Sangiorgi and Walker (2003), the process definition is as follows:

Definition 3. (Process) Let S, S0 ∈ Summation, P ∈ Process and x ∈ Label. So, the informal semantic as follows:

- inaction: the processnill represents an empty sum and that there is nothing that can be done.

- prefixed process:π . P is a prefixed process, where π is a prefix, and P just can be occur afterπ has been satisfied. The symbol "." (below) represents a sequential definition. - sums: S+ S0means that the capabilities of both processes are available and just one will

be choosen. The other will be lost. This is a non-deterministic choice, and the agent can act like S or S’.

- composition: P | P0 _{means that the processes can proceed independently and interact}

using shared links.

- restriction:new x (P) means that the x, with x ∈ Name, is restricted to internal behavior of process P.

- replication: Replicate P means a infinite sequence of the composition of the process P with itself.

To understand the behavior of the prefixed process, it is necessary firs to define an aux-iliary domain Action. The action has a function to describe what is happens with the process in a determined time.

3.6.1 Action

A labelled transition is defined by a set of the actions applied to the prefixed process transition. Actions are used to labeled transition relationships of the process. It means that transitions occur according to prefixed actions, which consequently determine the behavior of the processes according to your structure. It one define the actions like an auxiliary set that do not form part of the syntax.

Let x, x ∈ Label and y, z ∈ Message, the set of actions is defined as:

Action ::= x y

|

x y

|

x(z)

|

τ (3.37)

Definition 4. (Action) The labelled transition relations are labelled by actions. Let n ∈ Name x, x ∈ Label and y, z ∈ Message, the informal semantic as follows:

- free output: x y - It means that the process sends y via x; - input: x y - It means that the process receives y via x;

- bound output: x(z) - It means that a process send a local name z, i.e., z is a restricted name;

- synchronism:τ - It means that a process occurs without external interference, expressing a internal synchronized action.

3.6.1.1 Action: Semantic Functions and Equations

To describe the behavior of action, it defines the function act from Action to a codomain with the elements ordered pair (Link × Message), where Link is responsible for sending or receiving a free or restrict Message and τ , when the action is silent, as follows:

act: Action −→ (Link × Message) + τ (3.38)

Let x, x, z ∈ Label, y ∈ Message, τ is a synchronism and cnd ∈ Conditional, the equations to act are as follows:

act[[x y]] = (Link(x), y) (3.39)

act[[x y]] = (Link(x), y) (3.40)

act[[x (z)]] = (Link(x), new z) (3.41)

act[[τ ]] = τ (3.42)

3.6.1.2 Substitution

The interaction between a process and action can bring forth a substitution. It means that a set of identifiers can be associated with values and links through the communicating channels. In π-Calculus, a Message can be a value, a variable or a link. For understanding we will call Identifier Message elements set that define a variable. In π-Basic, it can be represented as a Message subsort.

Identifier< Message (3.43)

The substitution function subs is applied over Identifier to Message.

Definition 5. (Substitution) Let Substitution be the set of all substitution functions, the finite mapping from Identifier to Message, where Identifier is (by definition) a subset of variables in Message. We write{~v_/−→_{id}, with}−→_{id ∈ Identifier and ~v ∈ Message, such that subs(idj) = vj for}

all idj ∈

− →

id and vj ∈ ~v.

The poliadic π-Calculus, defined as in Milner (1999), ensures that a substitution can be occur like in monadic π-Calculus provided the lengths of message and identifier be equal, it means, the substitution {~v_/−→_{id} occur, if, and only if, | ~v |=|}−→_{id |.}

In π-Calculus there is two types of binding labels: when a label is a restriction to process (e.g. new n P, n is bounded), or when all occurrences of a label on a process can be substituted to another label received via a link (e.g. x z . P, z is bounded). The definition by Sangiorgi and Walker (2003) is as follows:

Definition 6. (Binding) A label is called binding in a process when it is bonded to the process scope. The binding labels set of a process P is represented by bn(P). Any label not bound to a process P is called free label and is an element of fn(P). Let n, x, x ∈ Label, y, z ∈ Message and P∈ Process, follows: - bn_{(nill) = ∅} - fn_{(nill) = ∅} - bn(x y . P) = bn(P) - fn(x y . P) = {x, y} ∪ fn(P) - bn(x z . P) = {z} ∪ bn(P) - fn(x z . P) = {x} ∪ (fn(P) \ {z}) - bn(τ . P) = bn(P) - fn(τ . P) = fn(P) - bn([ n1 = n2 ] P) = bn(P) - fn([ n1 = n2] P) = {n1, n2} ∪ fn(P) - bn(P1 + P2) = bn(P1) ∪ bn(P2) - fn(P1+ P2) = fn(P1) ∪ fn(P2) - bn(P1 | P2) = bn(P1) ∪ bn(P2) - fn(P1| P2) = fn(P1) ∪ fn(P2) - bn(new n . P) = {n} ∪ bn(P) - fn(new n . P) = fn(P) \ {n} - bn(Replicate P) = bn(P) - fn(Replicate P) = fn(P) 3.6.1.3 Transition Relations

The labeled transition relations are defined over prefixed processes by a second-order function:

actpref : π . Process → (Action → Process + abort) (3.45)

follows:

actpref[[x y1 . P]] (x y1) = P (3.46)

actpref[[x y2 . P]] (x (y2)) = new y2 (actpref (x y2 . P) (x y2)) (3.47)

actpref[[x z . P]] (x y) = {y_{/z}P (3.48)}

actpref[[τ . P]] (τ ) = P (3.49)

actpref[[[x = x]π . P]] α = actpref (π . P) α (3.50)

To all the other combinations between prefix and action, the result is abort. Because this the equations was omitted and will be treated as a deadlock.

3.6.2 Process: Semantic Functions and Equations

According to the syntax, three functions are necessary to denote the behavior of the expressions defined as follows:

sum: Summation −→ (Action −→ nill + abort) (3.51)

trans: Process −→ Summation (3.52)

reply: Replicate Process −→ Process (3.53)

Let α ∈ Action, S, S0 ∈ Summation and P, P0 _{∈ Process, the equations as follows:}

sum[[ nill ]] α = nill (3.54)

sum[[ π . P ]] α =        if actpref(π . P α) 6= abort then trans(actpref (π . P α)) elseabort (3.55)

sum[[ S + S0 ]] α = if sum(S) α 6= abort then sum(S) α else sum(S0) α (3.56)

trans[[ S ]] = if sum(S) 6= abort then sum(S) else nill (3.57) trans[[ P | P0 ]] = trans(P) | trans(P0) (3.58)

trans[[ new x P ]] = new x (trans(P)) (3.59)

trans[[ Replicate P ]] = reply(Replicate P) (3.60)

reply[[ P ]] = trans(P) (3.61)

reply[[ Replicate P | P ]] = reply(Replicate P) | trans(P) (3.62)

Example 1. Reduces P = (x y . Q | x z . R):

trans(x y . Q | x z . R) = trans(x y . Q) | trans(x z . R) (3.63) = sum(x y . Q) (x y) | sum(x z . R) (x y) (3.64) = trans(actpref (x y . Q) (x y)) | trans(actpref (x z . R) (x y)) (3.65)

= trans(Q) | trans({y_{/z}R) (3.66)}

3.7 The Process Reduction

The prefix and trans functions can define the reaction relations of a prefix π and a pro-cess, respectively. However, to understand what happens in a process reduction, these functions are not enough. To achieve this, some semantic domains as storage and environment are neces-sary, where the prefix can find a possible action during a process reduction.

Below is an example of an informal reduction of process P, using functions built is this work and how happens the behavior of the names in the storage and environment.

Example 2 (Process Behaviour). Let P, Q, R ∈ Process and x, y, z ∈ Name, reduces P = (x y . Q | x z . R):

Table 3.1: Reduction process of the P with environment behaviour and memory state (storage).

Process Environment Memory

trans(P) = trans(x y . Q | x z . R) empty loc x7→ unused

= trans(x y . Q) | trans(x z . R) empty loc x7→ unused

= sum(x y . Q) (x y) | sum(x z . R) (x y) empty loc x7→ unused = trans(actpref (x y . Q) (x y)) | trans(actpref (x z . R) (x y)) var z7→ loc x loc x7→ undefined = trans(Q) | trans({y_/z}R0_{) var z7→ loc x loc x7→ val y}

In the end, it one have trans(x y . Q | x z . R) −→ trans(Q) | trans({∗ y_/z}R0_{) and the}

location x with identifier z is allocated with the value y.

3.7.1 Memory

The storage concept for CCS has been defined by Milner (1984), and it will be extended for π-Calculus in this section. First, it is necessary to know about the register of reading of the value and writing of the variable behavior to one or more processes. Let y ∈ Message be the value, z ∈ Message be the variable and x ∈ Label be the link, the register R(x)[y] ∈ Process is defined as follows:

R(x)[y] def= x y . R(x)[y] + x z . R(x)[z], where z ∈ Message. (3.67)

It means that there exist two options to sum(R(x)[y]) according to prefix x y or x z chosen: - trans(actpref (x y . R(x)[y]) (x y)) = R(x)[y], means that a value y was identified over link

xand thus the result is the register of reading the y.

- trans(actpref (x z . R(x)[z]) (x y)) = trans({y_{/z}R(x)[z]) = R(x)[y], means that a value y}

was mapped to variable z over link x, and thus the result is the register of writing the y. By these means, the location process (storage position), L(x)[z] ∈ Process, is defined as follows:

L(x)[z] def= x z . R(x)[z], (3.68)

where z ∈ Message is the name of a location in which a value can be stored, and x ∈ Label is a communication channel between the location and possible value that can be allocated to it. This location can be:

- L(x)[ ] = unused (simply L(x)), i.e., it was not allocated to any message. - L(x)[z] = undefined, i.e., is not yet known the value allocated in z.

- L(x)[y_{/z] = R(x)[y], means that z was allocated with a message through link x.}

Thus, it one has the sets, with i ∈ {1, ..., n} and n ∈ N∗:

- Writable = S L(xi)[zi], formed for all writable locations L(xi) associated with variables

- Memory = {L(x1)[z1], · · · , L(xn)[zn]}, the storage, where each register cannot

commu-nicate with each other;

- Readable =S R(xi)[yi], formed by all readable messages yi.

From this moment, the storage will be called like your usual definition of memory. To update the memory in each transition, the auxiliary function is introduced:

update: Memory × Writable × Readable −→ Memory (3.69)

where, let m ∈ Memory be a memory, loc ∈ Writable be a writable location and val ∈ Readable be a readable message, so:

- update(m, loc, val) = m’ is the same memory m, except that in m’, the local loc will be allocated by a message of the value val.

Now, it one defined the equation that updates this memory:

update(m, L(x)[z], R(x)[y]) = m[y_{/z] (3.70)}

3.7.2 Environment

For each process, we define an environment ε that includes mappings to readable mes-sages from all predefined writable locations:

ε = {(z 7→ L(x)[ ]) | z ∈ Identifier and x ∈ Label} (3.71)

To explain the behavior of the environment at each step of the reduction process, follow the auxiliary functions:

emptyε : ε (3.72)

findwtble: ε × Link −→ Writable (3.73)

bind: Identifier × Writable −→ ε (3.74)

overlay: ε × ε −→ ε (3.75)

- emptyε is the empty environment.

- findwtble(, Link(x)) gives the unused location pointed by link x in  environment. - bind(z, L(x)[ ]) gives an environment with a simple binding between an identifier z and a

location unused pointed by communication channel x.

- overlay(, 0) gives the combined environment between 0 and , where, if any location was allocated in both  and 0 then your value in 0 overrides in . When a environment receives a new mapping from a z identifier to a L(x)[ ] writable, it one defines [L(x)[z]].

Let  ∈ ε, x, x ∈ Label and y, z ∈ Message, the equations as follows:

findwtble(, Link(x)) = L(x)[ ] (3.76) bind(z, findwtble(, Link(x))) = L(x)[z] (3.77) overlay(, bind(z, findwtble(, Link(x)))) = [L(x)[z]] (3.78)

3.7.3 Reduction of Process

Once the concept of Memory and Environment has concluded, e can rewrite the func-tions defined before.

sum: Summation −→ (Action −→ ε −→ Memory −→ (nill + stop) × Memory) (3.79) trans: Process −→ (ε −→ Memory −→ Summation × ε × Memory) (3.80) reply: Replication Process −→ (ε −→ Memory −→ Process × ε × Memory) (3.81)

Let x, x ∈ Label, y, z ∈ Message, α ∈ Action,  ∈ ε, m ∈ Memory, S, S0 ∈ Summation and P, P0 ∈ Process, the equations is as follows:

sum[[ nill ]] α  m = nill m (3.82)

sum[[ π . P ]] α  m =        if (sum(π . P) α 6= abort) then(sum(π . P) α  m) elsestop (3.83)

sum[[x z. P]] (x y)  m = trans(actpref (x z . P (x y))) [L(x)[z]] m[y_{/z] (3.85)} sum[[τ . P]] τ  m = trans(actpref (τ . P τ ) 0 m0 (3.86) sum[[[x = x]π . P]] α  m = trans(actpref ([x = x]π . P) α)  m (3.87) sum[[ S + S0]] α  m =        if (sum(S) α 6= abort) then(trans(S) α  m) else(trans(S0) α  m) (3.88) trans[[ S ]]  m = (sum(S))  m (3.89)

trans[[ P | P0 ]]  m = (trans(P) | trans(P0))  m (3.90) trans[[ new x P ]]  m = new x (trans(P)  m) (3.91) trans[[ Replicate P ]]  m = reply(Replicate P)  m (3.92)

reply[[ P ]]  m = (trans(P), , m) (3.93)

reply[[ Replicate P | P ]]  m = (reply(Replicate P) | trans(P))  m (3.94)

Example 3 (Process Behaviour). Reduces P = (x y . Q | x z . R) of the Example 2 using the equations defined for environment behavior and memory state at each step of the reduction process:

Table 3.2: Reduction process of the P with environment behaviour and memory state.

Process Environment Memory

trans(P) = trans(x y . Q | x z . R)  m

= trans(x y . Q) | trans(x z . R)  m

= sum(x y . Q) (x y)| sum(x z . R) (x y)  m

= trans(actpref (x y . Q) (x y)) | trans(actpref (x z . R) (x y)) overlay(, L(x)[z]) update(m, L(x)[ ], R(x)[y])

= trans(Q) | trans({y_/z}R0_{) [L(x)[z]] m[}y_/z]

In the end, it one have trans(p)  m = (trans(Q) | trans({∗ y_/z}R0_{)) [L(x)[z]] m[}y_{/z] and}

3.7.4 Structural Congruence

There are cases where the process is syntactically different, but they have the same behavior. It means that structural congruence identifies only a few agents where the syntactic structure makes it obvious that they are the same. To define structural congruence, it is necessary the concept of context and structural congruence:

Context ::= [·]

|

Context[Process] (3.95)

Definition 7. (Context) Let ζ ∈ Context and P ∈ Process, the informal semantics as follows: - hole ([·]) - It means a non-degenerate occurrence of nill in a term of Process. Example:

[·] | P.

- replace (ζ[P]) - It means that ζ is a context where the hole was replaced by P. Example: ifζ0[·] = [·] | P, then ζ0[Q] = Q | P.

Definition 8. (Congruence) An equivalence relation S on processes is a congruence if (P, Q) ∈ S implies(ζ[P], ζ[Q]) ∈ S for every context ζ and process P and Q. (SANGIORGI; WALKER, 2003)

Now, it is possible to define a structural congruence by Milner (1999):

Definition 9. (structural congruence) Two process expressions P and Q in the π-Calculus are structurally congruent, written P ≡ Q, if we can transform one into the other by using the following equations:

- change of bound names;

- reordering of terms in a summation; - identity: P| nill ≡ P;

- commutative: P| Q ≡ Q | P;

- associative: P| (Q | R) ≡ (P | Q) | R; - new x (P | Q) ≡ P | new x Q if x 6∈ fn(P); - new x nill ≡ nill;

- new xy P ≡ new yx P;

- Replicate P ≡ P | Replicate P.

The semantic function is defined from Context to Process as follows:

replace : Context −→ Process (3.96)

Let [·], ζ ∈ Context and P ∈ Process, then:

replace([·]) = nill (3.97)

replace(ζ[P]) = for ∀ [·] ∈ ζ do [·] = P (3.98)

3.8 A Basic π-Calculus Application

This section will be present an application of the basic π-Calculus semantics in an ex-ample. At this time, it one created a semantics to work with π-Calculus synchronism, so the problem chosen is the Dining Chinese Philosophers Problem. This problem is a generalization of the classical Dining Philosophers Problem by Dijkstra (1978).

3.8.1 Dining Chinese Philosophers Problem

Three philosophers are seated around a circular dining table. Each philosopher has a pasta dish to eat. Besides that, they have sashis in place of forks, and each needs two sashis to eat. The initial state of dinner disposes of one sashi between a pair of pasta dishes. The sashi must be shared with adjacent philosophers. The problem proposes that all philosophers should eat using two adjoining sashis, alternated between eating and thinking.

There are a few rules that one can make about the problem:

- If the philosopher has one hashi, then he can receive another and stay with two, or he can send his hashi to another adjacent philosopher.

- If the philosopher runs out of hashi, then he can receive one hashi, or two hashis from adjacent philosophers (seated left or right) one of each.

- If the philosopher has two hashis, then he eats and sends two hashis to adjacent philoso-phers (seated left and right) to each.

Figure 3.1: Initial state of the Dining Chinese Philosophers.

To study the behavior of the system Dining for n ∈ N, was been defined the following sets:

- HASHI = {hashi0, hashi1, hashi2, hashi3, ..., hashin}, where hashi0 means empty-hashi

(no hashi) with HASHI ⊂ Message a subset of the hashi values over Message. Also, IDHASHI = {hashir, hashil}, with IDHASHI ⊂ Message, the set of the hashi identifiers

over Message.

- PHILOSOPHER = {Philosopher1, Philosopher2, ..., Philosophern}, is a subset of the

philosopher process over Process, PHILOSOPHER ⊂ Process.

- PATH = {right, left, right, left}, a set of the communication channels, with PATH ⊂ Label.

Let i, j = 1, ..., n, with n ∈ N, the process that represents the behavior of each philoso-pher is expressed as follows:

Philok∈{i,j}[i, j] def

= Philosopheri[hashii, hashij1] + Philosopherj[hashij2, hashij],

where j₁ =    (i + 1), if i 6= n. 1, if i= n. and j₂ =    (j − 1), if 1 < j ≤ n. n, if j= 1.

Since a philosopher can send (Send) or receive (Receive) hashis, the auxiliary processes and the behavior of each philosopher were defined as follows:

- Send(right, left)[hashii, hashij] def

= (right h hashii i | left h hashij i) . Philosopher{i,j}

[hashi0, hashi0], it means that the philosopher only can send one hashi to the right or left,

or both, to adjacent philosophers if he has more than one. - Receive(right, left)[hashil, hashir]

def

= new right left (right (hashir) | left (hashil)) .

Phi-losopherk[hashil, hashir], it means that the philosopher can receive one hashi from each

adjacent philosophers to his right or left. - Philosopherk[hashii, hashij]

def

= Sendk[i, j] + Receivek[l, r], with k ∈ {i, j}, it means that

a philosopher can only send or receive hashis at each reduction of the process and, by definition, the Send e Receive processes can be expressed as follows:

Sendk[i, j] def

= Send(right, left)[hashii, hashij]

Receivek[l, r] def

= Receive(right, left) [hashil, hashir].

- Diningn def

= Philo1[1] | Philo2[2] | · · · | Philon[n], is the process that represents the dining

Chinese philosopher’s system running.

Limiting dinner to three philosophers, as requested in the problem, we have the situation represented by Figure 3.2:

From the figure, it can observe that the communication between the philosophers is limited. Philosopher one, for example, can communicate on the right only with philosopher two and on the left only with philosopher three. Therefore, it is natural to use as a resource in the Dining process reduction, variables identified with indices "r" (right), and "l" (left).

Another observation that can be made is that after the first philosopher passes his hashi to the right or left, the following situation will happen during the reductions: one of the philoso-phers will have no hashi, another will have only one hashi, and the third will two. Thus, only one philosopher can dine with each movement, while others will be in a state of thought.

Using the definitions above for a dinner with three Chinese philosophers we will evaluate the reduction of the system defined by the process Dining3 = Philo1[1] | Philo2[2] | Philo3[3],

passing the values hashi1, hahsi2 and hashi3. The reductions are a result of applying the

equa-tions defined in the previous secequa-tions and expressed in Table 3.3. To organize, and better under-stand the reductions, the behavior of environment and memory have been placed separately in Table 3.4. Each no_{in Table 3.3 corresponds to the same n}o_{in Table 3.4.}

Table 3.3: The behaviour of the system when one philosopher chose to send your hashi to right philosopher. Reduction by Diningn, with n = 3.

no _Process

1. trans(Dining3) = trans(Philo1[1] | Philo2[2] | Philo3[3])

2. = trans(Philo1[1, 0] | Philo2[2, 0]) | trans(Philo3[3, 0])

3. = trans(Philo1[1, 0]) | trans(Philo2[2, 0]) | trans(Philo3[3, 0])

4. = sum(Send1[1, 0]) (r 1) | sum(Receive2[2, r]) (r 1) | trans(Philo3[3, 0])

5. = trans(actpref (Send1[1, 0] (r 1))) | trans(actpref (Receive2[2, r] (r 1)) | trans(Philo3[3, 0])

6. = trans(Philo1[0, 0]) | trans({hashi1/hashir}Philo2[2, 1]) | trans(Philo3[3, 0])

7. = trans(Philo1[ ]) | trans(Philo2[2, 1]) | trans(Philo3[3])

8. = sum(Receive1[l, r]) (l 1) | sum(Send2[2, 1]) (r 2) (l 1) | sum(Receive3[3, r]) (r 2))

9. = trans(actpref (Receive1[l, r] (l 1))) | trans(actpref (Send2[2, 1] (r 2) (l 1))) | trans(actpref (Receive3[3, r] (r 2)))

10. = trans({hashi1/hashil}Philo1[1, r]) | trans(Philo2[0, 0]) | trans({hashi2/hashir}Philo3[3, 2])

11. = trans(Philo1[1]) | trans(Philo2[ ]) | trans(Philo3[3, 2])

12. = sum(Receive1[1, r]) (r 3)) | sum(Receive2[l, r]) (l 2) | sum(Send3[3, 2]) (r 3) (l 2)

13. = trans(actpref (Receive1[1, r] (r 3))) | trans(actpref (Receive2[l, r] (l 2))) | trans(actpref (Send3[3, 2] (r 3) (l 2)))

14. = trans({hashi3/hashir}Philo1[1, 3]) | trans({hashi2/hashil}Philo2[2, r]) | trans(Philo3[0, 0])

15. = trans(Philo1[1, 3]) | trans(Philo2[2]) | trans(Philo3[ ])

16. = sum(Send1[1, 3]) (r 1) (l 3) | sum(Receive2[2, r]) (r 1)) | sum(Receive3[l, r]) (l 3)

17. = trans(actpref (Send1[1, 3] (r 1) (l 3))) | trans(actpref (Receive2[2, r] (r 1))) | trans(actpref (Receive3[l, r] (l 3))

18. = trans(Philo1[0, 0]) | trans({hashi1/hashir}Philo2[2, 1] | trans({hashi3/hashil}Philo3[3, r])

19. Repeat equation no_{7.: = trans(Philo}

1[ ]) | trans(Philo2[2, 1]) | trans(Philo3[3])

at a given moment the result begins to repeat, equation no_{19 is equivalent to equation n}o_{7. The}

next memory update will be equivalent to Equation 9. from Table 3.4. It means that the process is recursive, and the leaves of the synchronized tree representing this system begin to repeat.

Table 3.4: Behaviour of the memory and environment in the Table 3.3 reductions.

no _{Environment Memory}

1.  m

2.  m

3.  m

4.  m

5. overlay(, Link(r)[hashir] update(m, L(r)[ ], R(r)[hashi1])

6. [L(r)[hashir]] m[hashi1/hashir]

7. 0 m0

8. 0 _m0

9. overlay(overlay(0_{, L(r)[hashi}

r]), L(l)[hashil]) update(update(m0, L(r)[ ], R(r)[hashi2]), L(l)[ ], R(l)[hahsi1])

10. 0[L(r)[hashir], L(l)[hashil]] m0[hashi2/hashir,hashi1/hashil]

11. 00 _m00

12. 00 m00

13. overlay(overlay(00_{, L(r)[hashi}

r]), L(l)[hashil]) update(update(m00, L(r)[ ], R(r)[hashi3]), L(l)[ ], R(l)[hahsi2])

14. 00_[L(r)[hashi

r], L(l)[hashil]] m00[hashi3/hashir,hashi2/hashil]

15. 000 m000

16. 000 _m000

17. overlay(overlay(000, L(r)[hashir]), L(l)[hashil]) update(update(m000, L(r)[ ], R(r)[hashi1]), L(l)[ ], R(l)[hahsi3])

18. 000_[L(r)[hashi

r], L(l)[hashil]] m000[hashi1/hashir,hashi3/hashil]

19. 0v m0v

Exercise 1. Show that if Dining3starts with a philosopher sending his hashi to the philosopher

on his left, the result of reductions will be equivalent if the philosopher sends his hashi to the right philosopher.

Proof By hypothesis, we can assume that if the right philosopher changes places with the left philosopher, the result will be the same, that is, the synchronisms with the right and left philosophers are equivalent.

Applying the function trans in the process Dining₃ one have two possible results:

trans(Dining3) = trans(Philo1 | Philo2 | Philo3)

= sum(τ . (Philo1 | Philo2) | Philo3) τ

i.e.:

10. if Philo1 send to right: τ . (Philo1 | Philo2) | Philo3 τ

−→ τ . (Philo1 | Philo2 | Philo3)

20. if Philo1 send to left: τ . (Philo1 | Philo3) | Philo2 τ

−→ τ . (Philo1 | Philo3 | Philo2)

For the Structural Congruenceπ-Calculus by Milner (1999):

Philo3 | Philo2 ≡ Philo2 | Philo3

Then,

τ . (Philo1 | Philo3 | Philo2) ≡ τ . (Philo1 | Philo2 | Philo3)

For the Reaction Rule STRUCT by Milner (1999):

τ . (Philo1 | Philo2) | Philo3 ≡ τ . (Philo1 | Philo3) | Philo2

Therefore, if Philo1sends his hashi to your left or right, system behavior is equivalent.

Exercise 2. Show that next memory update will be equivalent to Equation 9. from Table 3.4. Proof Two memories are equivalent if your locations sets are equally allocated (MIL-NER, 1984). According Zermelo (1908), the Extension Axiom: "both sets A and B are equals if and only if A⊆ B and B ⊆ A". Let mv_{, m}0 _{⊆ Memory be a subset of Memory, then m}v _{= m}00 _if

in mv_{contains all substitutions in m}00_{and vice versa.}

Considering the structure of the Dining process, the memory m uses only two memory positions initially undefined: L(r)[hashir], associated to the right link and L(l)[hashil],

associ-ated to left link, which will be updassoci-ated during the reduction of this process. There is that: m00= update(update(m0; L(r)[hashir]; R(r)[hashi2]); L(left)[hashil]; R(l)[hahsi1])

Then, the memory m00 set is m00 = {[hashi2/hashir], [hashi1/hashil]}. The next memory update

will be as follows:

udate(update(m0v, L(r)[hashir], R(r)[hashi2]), L(l)[hashil], R(l)[hashi1]) = m0v[hashi2/hashir,hashi1/hashil]

Therefore the two spaces allocated in the m0vupdate are allocated in the same way as in m00, which implies that mv _{= {[}hashi2/hashir], [hashi1/hashil]} = m00⇔ mv ≡ m00.

4 TYPED π-CALCULUS

A type system has the property type capable of classifying expressions in a language. Using a set of rules determined by the instantiated type, one can get an approximate description of possible values that buildings can store or compute, or the messages they will carry.

The main objective of a type system in π-Calculus is to reduce errors by defining in-terfaces between different parts of a process, and then to verify that the synchronisms occur consistently. In this section, a new syntax on Basic π-Calculus will be introduced to describe Typedπ-Calculus.

4.1 Defined Types

To define the types in π-Calculus, one must first consider a set formed by all the basic types already known and instantiated. To maintain the coherence of this work, we will use the types already instantiated in MAUDE, according to Clavel et al. (2003):

Base= {Nat, Int, Bool, String, ...} (4.1)

The π-Calculus define two types for labels. The first is the value type, called VType, and defined as follows:

VType ::= Base (4.2)

The value type is formed by all known types and has as a characteristic, labels capable of being sent or received by a communication channel (link). As in π-Calculus, there is the mobility of communication channels, and links can also assume this capacity. The function typevalcan tell what the specified type of Base is:

typeval: VType −→ Base (4.3)

For all t ∈ VTtpe and b ∈ Base, the equations as follows;

The second is the link type, called LType:

LType ::= chanVType

|

chan LType, (4.5)

formed by all types of values that assume the role of communication channels between pro-cesses within a type environment (defined below), capable of carrying values of a given value type. The function typechan can identify the Base type that a typo link is capable of carrying:

typechan: LType −→ Base (4.6)

Let l ∈ LType e b ∈ VType be types, such that l = chan b, the equations is as follows:

typechan[[ chan b ]] = typeval(b) (4.7)

typechan[[ chan l ]] = typechan(l) (4.8)

One can now define Type as the generalized composition of VType and LType. The Type set is necessary because of the π-Calculus mobility that allows values and links to be transported. Therefore, there are situations where a link is capable of carrying another link.

Type ::= VType

|

LType (4.9)

Once defined Type, what matters is to know which type a label has and for which type a process is well defined. Therefore, we created a type environment that stores this information and which can be consulted so that the constructions are done correctly.

4.2 Type Environment

Let’s define a type environment like a function from Label to Type. The behavior of a typed environment by Sangiorgi and Walker (2003) is as follows:

Definition 10. Type Environment - An assignment of a type to a label is of the form a: Type,

where a is a Label, called the name of the assignment, and Type is a type, called the type of the assignment. A type environment is a finite set of assignment of types to names, where the

names on the assignments are all different. TheΓ meta-variable will be used to represent a type environment.

As stated earlier, what matters in a type environment is whether a label is of the type VTypeor LType. Therefore, it is possible to define the type environment as a function capable of saying which label assignment in this environment:

Γ : Label −→ Type (4.10)

Let x ∈ Label, so:

Γ(Link(x)) = LType (4.11)

Γ(name(x)) = VType (4.12)

In Typed π-Calculus, it is assumed that each label can have a type. An LType label is able to manipulate typed values in a predefined environment. For example, if b is a type VType and x : chan b, then x is a link that can send or receive values of type b. A type environment can be syntactically defined as follows:

Γ ::= emptyγ

|

Γ[Label : LType]

|

Γ[Label : VType]

|

Γ[Process] (4.13)

Definition 11. (Type Environment) Let γ ∈ Γ, x, y ∈ Label, l ∈ LType, b ∈ VType, t ∈ Type and P∈ Process be variables, the informal semantic as follows:

- emptyγ - the environment is empty;

- γ[x : b] - in a type environment γ, x is a value of the value type b (x : b);

- γ[y : l] - in a type environment γ, y is a channel of the link type l (y : l);

- γ[P] - in a type environment γ, if a P process is well defined to type t, i.e., γ[P : t] then for all x labels, such that x ∈ bn(P), x is also of the type t in γ (γ[x : t]).

4.2.1 Γ Type Environment: Semantic Functions and Equations

To reduce a process, it is necessary to "consult" the type environment. For this, one can have the function show, set to Γ able to show what type of labels are in a process, and the function show-overlay that updates an environment:

show _{: Γ −→ Type + ∅ + wrong} (4.14)

show-overlay: Γ × Γ −→ Γ (4.15)

Let γ ∈ Γ, x, y ∈ Label, l ∈ LType, b ∈ VType, t ∈ Type and P ∈ Process be the equations as follows:

show-overlay(γ, x : t) = show(γ0[x : t]) (4.16)

show_{[[ emptyγ ]] = ∅} (4.17)

show[[ γ[x : l] ]] = Γ(Link(x)) (4.18)

show[[ γ[y : b] ]] = Γ(name(y)) (4.19)

show[[ γ[P] ]] =        if ∃ x ∈ bn(P) | x : t thenΓ(x) elseemptyγ (4.20)

show[[ γ[nill] ]] = emptyγ (4.21)

show[[ γ[x y . P] ]] =        if (x : chan t) ∧ (y : t ∧ γ[P]) then show(γ[P]) elsewrong (4.22) show[[ γ[x z . P] ]] =        if (x : chan t) ∧ (γ[z : t, P]) then show(γ[P]) elsewrong (4.23) show[[ γ, [τ . P] ]] = show(γ[P]) (4.24) show[[ γ[[x = y]P] ]] =        if (x : chan t) ∧ (y : chan t) ∧ (γ[P]) then show(γ[P]) elsewrong (4.25)

show[[ γ[P1+ P2] ]] =        if (γ[P1]) ∧ (γ[P2])

then show(γ[P1]) ∨ show(γ[P2])

elsewrong (4.26) show[[ γ[P1 | P2] ]] =        if γ[P1] ∧ γ[P2]) then show-overlay(γ[P1], [P2]) elsewrong (4.27) show[[ γ[new x(P)] ]] =        if (γ[x : l]) ∧ (γ[P]) then show-overlay(γ[x : l, P]) elsewrong (4.28) show[[γ[Replicate P]]] = show(γ[P]) (4.29)

In expression 4.28, x is a bounded label restricted to the P process and is, therefore, typed. The restriction function creates a new communication channel used for synchronism and mobility in π-Calculus, so x is of type LType (type link) by definition.

Now it is possible to work with a type environment to the reduction of the processes. Through typed domains, one can define a values passing for the process transition. This will be presented in the next chapter.

5 VALUES PASSING

Since type labels are registered in a type environment, it is possible to define some domains according to the label’s behavior in a process. Therefore, one can ensure the right value passing or the system is wrong. Follows the domains:

TLink= {x | x ∈ Label ∧ Γ(x) ∈ LType} (5.1)

TMessage= {y | y ∈ Message ∧ ∀ yn ∈ y, n ∈ N, Γ(yn) ∈ Type} (5.2)

TIdentifier= {i | i ∈ Identifier ∧ Γ(i) ∈ Type} (5.3)

Theorem 1. TIdentifier ⊆ TMessage.

Proof By definition, for all y ∈ Message, y can be a value, a variable or a link. Let Identifier ⊆ Message be a subset of variables, for all i ∈ Identifier, then i ∈ Message. So if i ∈ Identifier is typed, it will be typed in Message. Then for all i ∈ TIdentifier one has to

i∈ TMessage ⇒ TIdentifier ⊆ TMessage. _

5.1 Values Passing During Parallel Composition

The π-Calculus, like CCS, assumes that Values Passing interactions take place between two agents. The difference over both is the capability of realizing these interactions as many times as necessary in π-Calculus. Taking into account the π syntax on expression 2.28, one can to reset any expressions considering the semantic domains as follows: Let x ∈ TLink, y ∈ TMessageand z ∈ TIdentifier be then the follow prefix has the respective semantics meaning:

- output prefix: x y - x is the channel of communication. Therefore, Γ(x) ∈ LType and x can send y of the type VType or LType. But this is only possible if the y value type is the same that x can transfer. For example, let P = x y . Q be a process defined to the type environment γ[P : Nat]. It means that the P process is well defined for type Nat and the transition of this process is only possible if y : Nat is any value of the Nat type:

if (y : Nat) ∧ (x : chan Nat) ∧ (γ[Q])

then sum(P (x y))  m = trans(actpref (x y . Q (x y))  update(m; L(x)[ ]; R(x)[y]) elsewrong

Now suppose that let y : l be a link type, with l ∈ LType, and make γ[P] be a type environment, with P as in the previous example. Some observations must be considered for that transition to occur correctly. In this case,

if (y : l) ∧ (x : chan l) ∧ (γ[Q])

then sum(P (x (y)))  m = trans(actpref (x y . Q (x (y)))  update(m; L(x)[ ]; R(x)[y]) elsewrong

and at this moment, it is not necessary to know which type y is capable to transfer. Probably its validity will be verified in a possible synchronism.

- input prefix: x z - x is the channel of communication. Therefore, it is of the LType type and can receive a value or link of the Type type for z variable. But this is only possible if both the received value or link and z have the same type. For example, let P = x z . Q be a process defined to the type environment γ[z : Nat, P]. It means that the Q process is well defined to Nat type and the transition of this process is only possible if x is a link with the capability to receive a variable of Nat type, the equations1as follows:

if (x : chan Nat) ∧ (γ[z : Nat, Q])

then sum(x z . Q (x 2))  m = trans({+ 2_/z}Q0_{) [L(x)[z]] m[}2_/z]

elsewrong

{2_/z}Q0 _{means the process result of replacing all unbound occurrences of z in Q by 2.}

As in the previous item, the passing of links must meet some criteria. In the example above, the transition occurs only if y, z : l is of type link, with l ∈ LType. Also, all the linked occurrences of z in Q must be of the link type, that is Q must be well defined for the environment of type γ[z : l]. The transition as follows,

if x: chan l ∧ γ[z : l, Q]

then sum(x z . Q (x y))  m = trans({+ y_/z}Q0_{) [L(x)[z]] m[}y_/z]

elsewrong 1₍ +